
NAP / PWG Discussion - PowerPoint PPT Presentation



NAP / PWG Discussion. August 17, 2009. NAP Deployment Overview. No Corpnet Connectivity. Corpnet. Various Computing Resources (Application, Infrastructure, Remediation Servers, Other healthy devices, etc.). Network Access Servers. Network Clients. Laptop. Network Packet Flow. LDAP.

Presentation Transcript

NAP / PWG Discussion

August 17, 2009


NAP Deployment Overview

No Corpnet Connectivity

Corpnet

Various Computing Resources (Application, Infrastructure, Remediation Servers, Other healthy devices, etc.)

Network Access Servers

Network Clients

Laptop

Network Packet Flow

LDAP

AD

Media-specific Protocol

802.1x Switch

Desktop PC

RADIUS

Virtual Circuit

OLEDB/ODBC

Mac

NAP Server (“NPS”)

802.1x Wireless AP

PDA

SQL

Smartphone

VoIP Phone

Remediation Servers

Remediation Network


NAP Architecture

Health Policy Servers

Active Directory

Health Remediation Servers

User/Machine Authentication

Configuration/Compliance Validation

Updates

NAP Server

NAP Client

System Health Agents (SHA): Windows (Inbox), Forefront, SCCM, Other

System Health Validators (SHV): Windows (Inbox), Forefront, SCCM, Other

NAP Compliance Check States

NAP Agent

Network Policy Server (NPS)

MS-SOH Protocol (Health Data Exchange)

Enforcement Servers (ES) (“Network Access Servers”)

Various Network Protocols

Enforcement Clients (EC)

Network Access Control Protocol (RADIUS)

802.1x

IPsec

TSG

HRA

VPN Srv

DHCP srv

VPN

DHCP

Others

802.1x Switch


SCCM SHA – Health Evaluation

Client Requesting Network Access [Client Non-Compliant]

Client Requesting Network Access [Client Now Compliant]

Compare Client-submitted “SCCM Policy Cookie” with AD-reported “SCCM Policy Cookie”

  • SCCM SHA Collects “SCCM Policy Cookie” from SCCM Agent

  • SCCM SHA Packages Cookie in SCCM SOH

2. What SCCM Policy is assigned to client?

Lookup machine and obtain AD-expected “SCCM Policy Cookie”

3. Retrieve Patches/Software

1. Where is the SCCM Management Point?

  • Client does scan to determine what’s missing

  • Client finds its missing patch “X”

  • SCCM Policy Cookies (Client and AD Reported) MATCH. Therefore:

  • Client is compliant.

  • Client is provided with FULL network access

  • SCCM Policy Cookies (Client and AD Reported) DON’T MATCH. Therefore:

  • Client is non-compliant.

  • Client access may be restricted

  • Client asked to remediate non-compliance (“Get Patched”)

Compare Client-submitted “SCCM Policy Cookie” with AD-reported “SCCM Policy Cookie”

NAP Remediation Network [Client Access is Restricted]

Request Network Access with SOH (including SCCM Policy Cookie)

4. Install Patches and/or Software Retrieved from SCCM DP.

Request Access with SOH (including SCCM Policy Cookie)


Windows SHA – Health Evaluation

WSHA Check States MATCH WSHV-Defined Check States?

  • WSHA checks MATCH WSHV checks?

  • Client given FULL ACCESS

  • WSHA checks DO NOT MATCH WSHV Checks?

  • Client given RESTRICTED ACCESS

  • Client Remediates

  • Tries Again

Request Network Access with SOH (including WSHA Check States)

Request Access with SOH (including WSHA Check States)

  • WSHA Collects “Check States” from Windows Action Center (AV, Patch, Firewall)

  • WSHA Packages Checks in WSHA SOH
